Episode Overview:

In this episode of Cyber Focus, host Frank Cilluffo sits down with Robert M. Lee, CEO and co-founder of Dragos, a leading industrial control systems (ICS) and operational technology (OT) cybersecurity firm. Rob shares his insights on the evolution of operational technology, the critical importance of ICS cybersecurity, and the increasing threat of cyber-enabled attacks on physical infrastructure. The discussion covers key incidents, including past cyberattacks on power grids and water systems, and the growing threat from adversaries seeking to cause real-world physical damage through digital means. Lee also provides an inside look at Dragos’ recent research and the lessons learned from major global cyber events, such as the attacks in Ukraine.

Main Topics:

• Introduction to Operational Technology (OT) and its distinction from IT.
• Cyber-enabled attacks on physical infrastructure, with real-world examples.
• Ukraine cyberattacks on power grids and the lessons learned from these incidents.
• Dragos' recent findings on ICS malware, including PipeDream and Frosty Goop.
• The importance of a risk-based approach in ICS security.
• Emerging threats and global cybersecurity trends, along with the role of collaboration between government and industry.

Key Quotes:
"[Operational technology] is all the stuff you have in IT, plus physics. - Robert M. Lee
"These are cyber enabled attacks that can have physical consequences." - Frank Cilluffo
"[PipeDream] is the first time we've seen ICS or OT malware that is repeatable, reusable, and scalable across industries. It works in everything from a servo motor on an unmanned aerial vehicle to a gas turbine" - Robert M. Lee
"There was an attack in 2017 where an adversary broke in to a petrochemical facility in Saudi Arabia explicitly to cause an event at a facility that would have killed people if they were successful." - Robert M. Lee
"Right now in the operations technology community, we deal with low frequency, high consequence attacks. IT deals with high frequency, low consequence attacks. And if we start to see scale, we're going to start to see medium to then high frequency, high consequence attacks. We're not ready." - Robert M. Lee
Relevant Links and Resources:
https://hub.dragos.com/hubfs/Reports/Dragos-FrostyGoop-ICS-Malware-Intel-Brief-0724_r2.pdf?hsLang=en
https://www.dragos.com/blog/industry-news/chernovite-pipedream-malware-targeting-industrial-control-systems/
https://www.cnn.com/2024/04/28/opinions/small-town-water-systems-global-hacking-cyber-targets-lee/index.html
Guest Bio:

Rob Lee is the CEO and co-founder of Dragos, a cybersecurity company focused on protecting industrial control systems (ICS) and operational technology (OT). With a background in military and intelligence, Rob has worked at the National Security Agency (NSA) and U.S. Cyber Command. He has been instrumental in raising awareness about the vulnerabilities in critical infrastructure and the need for better OT cybersecurity. Rob is widely recognized as a leader in the field, advising government agencies and industry leaders on protecting essential services from cyberattacks.